(this fails with unable to get first certificate)īut this passes the test, when the CA file is specified Openssl s_client -connect localhost:8002. Its also worth noting when running OpenSSL tests I do also get a cert validation error if I do not pass a CA file e.g. I have also restarted the ESP component, the whole cluster and restarted the OS to make sure these changes where getting picked up. as mentioned previously I have "chained" the certificate into one. SSL Labs and whatsmycertchanĪnd each do come back with a mismatch. I have used various tools on the internet to verify the certificate, e.g. I see in the config manager for the public and private certificates you specify a file name only. Then running : sudo update-ca-certificates I have also tried putting the Cert bundles in /usr/local/share/ca-certificates My public and private certificate are in this folder /var/lib/HPCCSystems/myesp var/lib/HPCCSystems/myesp and /var/lib/HPCCSystems/myesp/cachain.cer If so, does this need to be a folder location rather than an absolute file path?Īre there any restrictions on the HPCC user accessing certain locations? Is it possible to do this from config manager by using the "CA_Certificates_Path"? I did have this problem with Wordpress a while ago, and had to add a line to the apache config which pointed to the intermediate certificate.
The remote certificate is invalid according to the validation procedure windows#
When you go direct to the Roxie URL, the computers browser / windows machine seems to validate the chain from its own certificate store.
We have multiple Roxie's set-up, on premise talking to various Azure App services all of which are on premise.Īll seems to work ok, and has been for many years, but recently it appears that the SSL / TLS connection from the App Server (which will be a server running IIS10) is having problems verifying the certificate chain. The Roxie, is on premise, so the connection from Azure is whitelisted on the App service IP, and is then Nat'd through our on premise Firewall. Is your roxie/esp running in azure also, or somewhere else?
Our Azure app is talking to the Roxie directly, on port 8002, the Roxie is running HPCC V 6.2.4-1, on Ubuntu 14.04Ģ. From your azure web app, are you trying to talk to esp or roxie itself? Which port are you trying to connect to? tomcat, Ngix etc? to help me get a better understanding. Ĭan you let me know how would get around this issue?Īlso can you tell me what web server you use e.g. Normally in Apache I would specify the CA chain in the sites conf, but I don’t know where to do that in HPCC. cer file but it does not seem to have solved my issue. I have tried changing this to a directory, and a complete file path including the. Looking at the config manager I see a setting for CA_Certificates_Path under HTTPS settings within the ESP Process. I have even tried putting the intermediates and root certificate within the /var/lib/HPCCSystems/myesp folder. I have also made sure that my certificate has the intermediates “chained” inside the same certificate. I have been using open SSL to verify the certificate and can confirm this is passing the tests, when I pass either a -CAPath or -CAfile to the certificate itself, or the general CA store. It is also worth pointing out that the certificate has been issued from GoDaddy and is not a self signed one. The remote certificate is invalid according to the validation procedure.įrom what I understand the web server is unable to obtain the certificate chain. As of the last few days I am having problems talking to my Roxie over HTTPS from a web App in Azure, the error I am getting is :
0 kommentar(er)
